Lucene search
K

2668 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:36 a.m.5 views

CVE-2019-5483

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

5.3CVSS6.6AI score0.01181EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.8 views

CVE-2019-10362

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...

5.5CVSS6.7AI score0.00737EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:10 p.m.7 views

CVE-2003-0932

Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long 1 command line or 2 environment variable...

4.6CVSS7.7AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:56 p.m.7 views

CVE-2003-0454

Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable...

7.2CVSS7AI score0.03253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:42 p.m.9 views

CVE-2003-0061

Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable...

7.2CVSS7.8AI score0.00574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:32 p.m.6 views

CVE-2002-2087

Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling 1 gdsdrop, 2 gdslockmgr, or 3 gdsinetserver...

4.6CVSS7.8AI score0.01265EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:1 p.m.6 views

CVE-2008-7278

The S/MIME feature in Open Ticket Request System OTRS before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available fo...

5CVSS7AI score0.01984EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:8 p.m.6 views

CVE-1999-0388

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root...

4.6CVSS7.2AI score0.00661EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/21 5:43 p.m.10 views

CVE-2025-48069 ejson2env has insufficient input sanitization

ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values...

6.6CVSS7AI score0.01334EPSS
Exploits0References2
NVD
NVD
added 2025/05/16 8:15 p.m.18 views

CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

7.8CVSS0.0039EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/05/16 7:32 p.m.12 views

CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

7AI score0.0039EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/16 7:32 p.m.89 views

CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

0.0039EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2025/05/16 7:32 p.m.30 views

CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

7.8CVSS6.8AI score0.0039EPSS
Exploits1
OSV
OSV
added 2025/05/14 9:31 p.m.6 views

GHSA-Q7C3-X7HM-QQ72 Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS6.5AI score0.00609EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/05/14 9:31 p.m.14 views

Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS6.6AI score0.00609EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2025/05/13 8:42 a.m.5 views

php: cgi.force_redirect configuration is bypassable due to the environment variable collision

A flaw was found in PHP. The configuration directive cgi.forceredirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...

7.5CVSS5.7AI score0.01077EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/11 12:15 a.m.21 views

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

7.1CVSS7.3AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2025/05/09 11:15 p.m.17 views

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

7.1CVSS0.00134EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/09 12:0 a.m.8 views

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

7.1CVSS7.2AI score0.00134EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/09 12:0 a.m.23 views

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

7.1CVSS0.00134EPSS
Exploits0References1
Rows per page
Query Builder